IPv6 DNS issue
Policyd however should be as easy as downloading the .tar.gz, extracting it and throwing a ./cbpolicyd to fire it up.
I've tried that (downloaded cluebringer-v2.1.x-201310261831.tar), and I believe I've found an issue - emails from gmail were being rejected. Took me ages scratching my head before I realised it wasn't Postfix generating my rejects. But I think I've tracked it down.
I was getting rejects like this:

reject: RCPT from mail-wi0-x241.google.com[2a00:1450:400c:c05::241]: 554 5.7.1 <>: Recipient address rejected: Invalid HELO/EHLO; Cannot resolve 'mail-wi0-x241.google.com', no records found; from=****@gmail.com to=<> proto=ESMTP helo=<mail-wi0-x241.google.com>
I found this strange as that address does resolve.
So I removed my IPv6 MX record, and things worked fine. So I started digging, grepped the code, and I think I may have found the issue - but as I don't do Perl I could be completely wrong!
In CheckHelo.pm I see it does (line 317):

my $res = Net::DNS::Resolver->new;
my $query = $res->search($sessionData->{'Helo'});

So I did a search and came across this: http://www.net-dns.org/docs/Net/DNS/Resolver.html

Where it says: "The record type and class can be omitted; they default to A and IN"
In the case of gmail, the FQDN only resolves to AAAA records - hence no results for the default search.
I changed line 318 to:

my $query = $res->search($sessionData->{'Helo'},"A","AAAA","MX");

and the HELO failure stopped; now I get a different error to track down! I obviously didn't get it right, as PolicyD logs:

[CBPOLICYD] ERROR: Error running module request_process(): Net::DNS::classesbyval() argument is not CLASS### (AAAA) at /usr/lib/perl5/Net/DNS.pm line 261

and a load of other Perl errors (traceback).
Also, looking at the above page, would it not be more correct to use "query" rather than "search"? I can't personally see any situation where you'd want to be adding local domains to a HELO-provided FQDN to find an answer.
One thing I did learn from this is that it would help if the PolicyD messages were easily distinguishable from Postfix messages!
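
The HELO check discussed in this post, as an added example that is not part of the original post and is not cluebringer code: it asks for A and AAAA in separate query() calls, since Net::DNS takes one type per call with the class as the third argument. The helper names helo_resolves() and net_dns_lookup() and the sample zone data are assumptions made for illustration; with no arguments it runs offline against the constructed data, with hostnames as arguments it uses Net::DNS.

```perl
#!/usr/bin/perl
# Added example, not cluebringer code. helo_resolves(), net_dns_lookup()
# and the sample hostnames/addresses are constructed for illustration.
use strict;
use warnings;

# Return the address record types (A, AAAA) that exist for a HELO name.
# $lookup is a coderef: ($name, $type) -> list of address strings.
sub helo_resolves {
    my ($helo, $lookup) = @_;
    my @found;
    for my $type (qw(A AAAA)) {
        # One record type per call. In Net::DNS the second argument is the
        # type and the third is the class, so passing "A","AAAA" makes
        # AAAA the class, which is the classesbyval() error quoted above.
        my @addrs = $lookup->($helo, $type);
        push @found, $type if @addrs;
    }
    return @found;
}

# Live lookup through Net::DNS (loaded only when actually used).
sub net_dns_lookup {
    require Net::DNS;
    my $res = Net::DNS::Resolver->new;
    return sub {
        my ($name, $type) = @_;
        # query() does not apply the resolver search list, unlike search().
        my $packet = $res->query($name, $type) or return;
        # Keep only records of the requested type (skips CNAMEs in the chain).
        return map { $_->address } grep { $_->type eq $type } $packet->answer;
    };
}

# Constructed sample data standing in for DNS, so the demo runs offline.
my %zone = (
    'mx6.example.net'  => { AAAA => ['2001:db8::25'] },
    'mx4.example.net'  => { A    => ['192.0.2.25'] },
    'dual.example.net' => { A => ['192.0.2.26'], AAAA => ['2001:db8::26'] },
);
my $stub = sub { my ($n, $t) = @_; return @{ ($zone{$n} || {})->{$t} || [] } };

my $lookup = @ARGV ? net_dns_lookup() : $stub;
for my $helo (@ARGV ? @ARGV : (sort(keys %zone), 'nohost.example.net')) {
    my @types = helo_resolves($helo, $lookup);
    printf "%-20s %s\n", $helo,
        @types ? "resolves (@types)" : 'no A or AAAA records';
}
```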